컴퓨터/노트북/인터넷
IT 컴퓨터 기기를 좋아하는 사람들의 모임방
Apache 2.4 이상 버전에서 403 에러가 발생. error.log 를 보니 다음과 같은 에러가 있었다.
[Tue Dec 11 17:49:19.350384 2012] [authz_core:error] [pid 5308:tid 1576] [client 127.0.0.1:53603] AH01630: client denied by server configuration: /DOCUMENT_ROOT
아마도 우분투를 업그레이드하면서 (2.2에서 2.4로 업그레이드) 기존에쓰던 conf 파일 옵션값이 문제를 일으킨모양이다.
apache 2.2
<Directory /DOCUMENT_ROOT>
~~~
Order allow,deny
Allow from all
</Directory>
apache 2.4 최신
<Directory /DOCUMENT_ROOT>
~~~
Require all granted
</Directory>
아래는 apache 공식사이트 설명문서다.
https://httpd.apache.org/docs/2.4/upgrading.html
2.2 configuration:
Order deny,allow Deny from all
2.4 configuration:
Require all denied
In this example, there is no authentication and all requests are allowed.
2.2 configuration:
Order allow,deny Allow from all
2.4 configuration:
Require all granted
In the following example, there is no authentication and all hosts in the example.org domain are allowed access; all other hosts are denied access.
2.2 configuration:
Order Deny,Allow Deny from all Allow from example.org
2.4 configuration:
Require host example.org
In the following example, mixing old and new directives leads to unexpected results.
Mixing old and new directives: NOT WORKING AS EXPECTED
DocumentRoot "/var/www/html"
<Directory "/">
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Location "/server-status">
SetHandler server-status
Require local
</Location>
access.log - GET /server-status 403 127.0.0.1
error.log - AH01797: client denied by server configuration: /var/www/html/server-status
Why httpd denies access to servers-status even if the configuration seems to allow it? Because mod_access_compat directives take precedence over the mod_authz_host one in this configuration merge scenario.
This example conversely works as expected:
Mixing old and new directives: WORKING AS EXPECTED
DocumentRoot "/var/www/html"
<Directory "/">
AllowOverride None
Require all denied
</Directory>
<Location "/server-status">
SetHandler server-status
Order deny,allow
Deny from all
Allow From 127.0.0.1
</Location>
access.log - GET /server-status 200 127.0.0.1
So even if mixing configuration is still possible, please try to avoid it when upgrading: either keep old directives and then migrate to the new ones on a later stage or just migrate everything in bulk.
In many configurations with authentication, where the value of the Satisfy was the default of ALL, snippets that simply disabled host-based access control are omitted:
2.2 configuration:
# 2.2 config that disables host-based access control and uses only authentication Order Deny,Allow Allow from all AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
# No replacement of disabling host-based access control needed AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting both criteria:
2.2 configuration:
Order allow,deny Deny from all # Satisfy ALL is the default Satisfy ALL Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure <RequireAll> Require valid-user Require ip 127.0.0.1 </RequireAll>
In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting either criteria:
2.2 configuration:
Order allow,deny Deny from all Satisfy any Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure # Implicitly <RequireAny> Require valid-user Require ip 127.0.0.1
컴퓨터/노트북/인터넷
IT 컴퓨터 기기를 좋아하는 사람들의 모임방
| 번호 | 분류 | 제목 | 조회 수 | 날짜 |
|---|---|---|---|---|
| 공지 | 뉴스 |
구글 최신 뉴스
|
1452 | 2024.12.12 |
| HOT글 | 일반 | 샤오미 BE6500 라우터 실사용 후기 (Wi-Fi 7 + 2.5G 스위치 기능까지 ㄷㄷ) 4 | 1011 | 2025.06.28 |
| 공지 | 🚨(뉴비필독) 전체공지 & 포인트안내 20 | 28547 | 2024.11.04 | |
| 공지 | URL만 붙여넣으면 끝! 임베드 기능 | 22670 | 2025.01.21 | |
| 10641 | 네이버 지식쇼핑을 보면 깜놀랄일 | 3952 | 2014.03.23 | |
| 10640 | mysql 6.0 다운로드 (windows 계열 32비트용) | 2786 | 2014.03.29 | |
| 10639 | 리니지 프리서버 - 춘자 2.7클라이언트 2 | 9505 | 2014.03.30 | |
| 10638 | 안녕하세요 | 1925 | 2014.04.07 | |
| 10637 | 가입했습니당^.^ 1 | 2189 | 2014.04.07 | |
| 10636 | 가입인사드립니다. 1 | 2124 | 2014.04.07 | |
| 10635 | 스위트망고입니다. 반갑습니다 1 | 2196 | 2014.04.07 | |
| 10634 | 영자님 2 | 4002 | 2014.04.11 | |
| 10633 | 카오스원 2 | 3277 | 2014.04.11 | |
| 10632 | 컴퓨터 포멧하려는데 BIOS 화면이 안떠요. 6 | 5186 | 2014.04.12 | |
| 10631 | 하이하이 1 | 4142 | 2014.04.12 | |
| 10630 | 영자씨 1 | 2622 | 2014.04.13 | |
| 10629 | 인텔 v프로 원격제어 지원 메인보드-애즈락 Q87M 프로 출시 | 2850 | 2014.04.26 | |
| 10628 | 하즈웰 4세대 오버클럭시 온도차이. | 2379 | 2014.04.26 | |
| 10627 | 갠적으로 마음에 드는 그래픽카드 GTX760 PHANTOM DDR5 2G 1 | 2843 | 2014.04.26 | |
| 10626 | 탑파워 TOPOWER TOP-500D 80PLUS Bronze | 1943 | 2014.04.26 | |
| 10625 | 슈퍼플라워 SF-500P12A 후기 | 1711 | 2014.04.26 | |
| 10624 | 인텔 코어 i7 하스웰 4770 추천드림 | 2424 | 2014.04.26 | |
| 10623 | 듀얼 모니터 작업표시줄 프로그램 | 2976 | 2014.04.26 | |
| 10622 | 일반하드랑 ssd랑 차이가 심한가요? 1 | 3035 | 2014.04.26 | |
| 10621 | 로지텍 Gaming Mouse G100 쓰다보니 | 2200 | 2014.04.26 | |
| 10620 | AMD FX 8300 비쉐라는 인텔 cpu 어느것과 동급인가요? 1 | 4270 | 2014.04.26 | |
| 10619 | 인텔 G3220 하스웰- 부모님 조립해드렸어요 | 2422 | 2014.04.26 | |
| 10618 | 인텔 제온 E3-1230V3, 제온짝퉁이라니? | 2633 | 2014.04.26 | |
| 10617 | ipTIME Extender2 무선공유기 wifi 확장써보니...안습 | 2324 | 2014.04.26 | |
| 10616 | 안철수 v3백신도 좋지만, avast가 더 좋은것 같아요 | 2489 | 2014.04.27 | |
| 10615 | 컴퓨터가 아무래도 연차가 있다보니.. 1 | 3410 | 2014.04.27 | |
| 10614 | 그외 | 컴퓨터 온도측정 프로그램 hwmonitor | 3777 | 2014.04.28 |
| 10613 | 이용하는 사람이 별로 없나바요. 3 | 3510 | 2014.04.28 | |
| 10612 | 안녕하세요^^ 이번에 PC 새로 맞추려는데 1 | 2336 | 2014.04.28 |